Chapter 13: The Subscriber Identity Module: Past, Present and Future Klaus Vedder 1 13.1 Introduction Since its conception in 1988 the Subscriber Identity Module (SIM) has undergone continuous development extending its technical and functional capabilities. Initially, it was defined as a security module to authenticate the user to the network providing, at the same time, some very limited amount of memory for network and private user data. In those days, smart cards were still in their infancy. The technological and market requirements of GSM, its need for a global solution and its growing market power shaped the face of the SIM and changed the world of the smart card. Today’s SIMs offer more than just security. They are a secure platform for operator defined services allowing operator differentiation by exploiting the power of the microcomputer in the SIM. All this could not have been achieved without the close co- operation of all parties involved in its standardisation. 13.2 The Committee From a dozen participants at the first meetings in 1988 to about 70 delegates at the last meeting in January 2000 reflecting the growing importance of the SIM: SIMEG, SMG9 ‘‘SIM Aspects’’ and SMG9 ‘‘IC Card Aspects’’. Three names and only two chairmen for one committee which in 56 ordinary plenary and hundreds of working party and ad-hoc meetings: † defined the Plug-in SIM, which has become the best-selling smart card; † required the use of high temperature plastic material to support the new environment; † specified new and advanced electrical and physical parameters such as low power consumption and the 3 V smart card interface; and † advanced the SIM from a security and storage device to a secure platform for value added services. 1 The views expressed in this chapter are those of the author and do not necessarily reflect the views of his affiliation entity. GSM and UMTS: The Creation of Global Mobile Communication Edited by Friedhelm Hillebrand Copyright q 2001 John Wiley & Sons Ltd ISBNs: 0-470-84322-5 (Hardback); 0-470-845546 (Electronic) The first meeting of the Subscriber Identity Module Expert Group (SIMEG) was hosted by the Dutch PTT in January 1988. SIMEG had been established as an expert group by GSM-WP1 2,3 to deal with all issues concerning the SIM and its interface to the mobile, thus covering a specific issue within the scope of its parent body, Working Party 1 (WP1), which was responsible for developing the GSM services. The first change in name and status was in April 1994 when, reflecting the importance of the SIM for the GSM system, the plenary meeting of TC SMG 4 held in Regensdorf, Switzerland ‘‘ decided to raise the group of experts dealing with the specifications of the Subscriber Identity Module to the status of an STC’’ . As a Sub Technical Committee (STC), SMG9 reported now directly to TC SMG, the technical committee responsible for the specification of GSM and UMTS. 5 SIMEG had become STC SMG9 ‘‘ SIM Aspects’’ . Four years later in June 1998, SMG9 changed its name from ‘‘ SIM Aspects’’ to ‘‘ IC Card Aspects’’ . The scope of SMG9 had been extended to include work on smart cards of a generic nature which had been part of the responsibility of the disbanded TC ICC (Integrated Circuit Cards). With the foundation of the Third Generation Partnership Project (3GPP) in late 1998, the UMTS work of SMG9 was trans- ferred to the USIM group within 3GPP and the future of SMG9 seemed to be quite predictable. It was assumed that all the work of SMG9 would, eventually, be transferred. The emerging need for a common smart card platform for the various mobile communica- tion systems created a completely new scenario. SMG9 was ‘‘ closed’’ by the ETSI Board on 29 March 2000 to be succeeded by ETSI Project Smart Card Platform (EP SCP). This committee inherited the generic work of SMG9 as part of its task to specify such a common smart card platform. The GSM specific work of SMG9 was handled by the new committee on an interim basis until a few months later, with the closure of TC SMG, all GSM work was transferred to 3GPP. 13.3 The Early Years The first SIMEG plenary meeting in January 1988 was attended by nine delegates from France, Germany, The Netherlands and the UK. These countries formed the core of the plenary meetings of SIMEG for the first few years with Finland and Sweden contributing extensively through their work in ad-hoc meetings. The chairman of the first meeting was Ge ´ rard Mazziotto from France Telecom – CNET. He held this position for 5 years until his resignation at SIMEG#31 in March 1993. By then the number of delegates attending the usually 1 or 2 day plenary meetings had stabilised to around 20 from seven countries. The plenary reports of those days often refer to the opinion of a national delegation. Industry experts attended courtesy of the (national) operators and only two industry delegates per country were allowed at a meeting. Industry contributions often stated the respective national administration as the source. This was, for instance, the case with the first document proposing what today is known as the Plug-in SIM. The description of a semi-permanent SIM GSM and UMTS: The Creation of Global Mobile Communication342 2 Folder B4 of the attached CD ROM contains a content list covering all documents quoted in this chapter sorted according to footnote numbers. Folder B4 contains most documents quoted. For the others a folder number is given in the content list. 3 GSM-WP1 217/87 rev1 (GSM 159/87): Draft terms of reference of the SIM expert group. 4 With the inclusion of UMTS into its work program, ETSI TC GSM (the former Group Spe ´ cial Mobile) became the Technical Committee TC SMG (Special Mobile Group). GSM1 (the former GSM-WP1) became SMG1 etc. The first SMG plenary (SMG#1) was held in January 1992. 5 Scope of SMG9 ‘‘ SIM Aspects’’ in SMG 477/94: Terms of references of TC SMG and its STCs. based on the IC card SIM was presented at SIMEG#5 in Munich in September 1988 by the author; it was sourced ‘‘ Deutsche Bundespost’’ . 6 This situation gradually changed and, with the transfer of the GSM specification work from the European Post and Telecommunication Authorities (CEPT) to ETSI in the summer of 1989, industry could attend the meetings in their own right. The first years were obviously dominated by the need to specify the basic functionality and physical features of the SIM and its interface to the mobile. The original role of the SIM was that of a security device as defined in the report of SIMEG#1 7 : A SIM is the physically secured module which contains the IMSI, an authentication algorithm, the authentication key and other (security related) information and functions. The basic function of the SIM is to authenticate the subscriber identity in order to prevent misuse of the MS (Mobile Station) and the network. This understanding of the function of the SIM underwent quite an evolutionary process which was, however, not always reflected in the requirement specification, GSM 02.17 Subscriber Identity Modules (SIM), functional characteristics. There was often the question of what was first: the technical realisation of a feature or the definition of the functional requirement. Though the document was revised intensively several times, it is no easy read- ing to gain an overview of the full functionality of the SIM. 13.4 Functionality, Form and Interface To fulfil its role as an authentication device bringing a new dimension of security to mobile communication networks, 8 the SIM had to be able to execute internally the operator specific authentication algorithm (A3) and to store securely the subscriber specific key (Ki) and other parameters needed for this task. Additional functionality, the physical forms of the SIM and its interface to the mobile were the three main topics for quite a few years. 13.4.1 Functionality At the third meeting in May 1988, SIMEG discussed for the first time that the SIM should also store data related to services and not only those data necessary for the security func- tions. Advice on this issue as well as on the creation of a new specification on SIM communication – which was later to become GSM 11.11 – was sought from the parent committee. GSM-WP1 supported the request from SIMEG and decided that the SIM should offer the capability to store information elements for the following features: Short Message Service (SMS), Advice of Charge (AoC), Abbreviated Dialling Numbers (ADN), Fixed Dialling Numbers (FDN), barring of outgoing calls, pre-programmed PLMN selector and language of announcement. 9 New data-fields on the SIM as well as new procedures for the interface between the SIM and the Mobile Equipment (ME) needed to be specified, while the constraints imposed by the memory provided by the special chips used in a SIM were a constant source for discussion. Chapter 13: The Subscriber Identity Module: Past, Present and Future 343 6 SIMEG 72/88: Semi-permanent SIM. 7 SIMEG 28/88: Report of the 1st SIMEG meeting, The Hague, 19-20 January 1988. 8 See Chapter 15: Security. 9 WP1 162/88, SIMEG 47/88: Letter from WP1 at SIMEG#4. 13.4.1.1 The Influence of the Memory Memory was a scarce resource. The chips of those days offered less than 10 kbytes of memory in total. Though the functionality and internal organisation of the chip in a SIM with its own CPU and on-board memory is comparable to a PC, it is not surprising that the performance of such a microprocessor chip is limited. State of the art chips had about 6 kbytes of mask- programmed Read Only Memory (ROM). This type of memory is used for data which are the same for a large number of cards as it cannot be changed. It typically contains the operating system and the GSM application including authentication algorithm(s) and application proto- col. The 2–3 kbytes of programmable memory, so-called EEPROM, would hold all the subscription and user (thus SIM) specific data such as the IMSI 10 and the secret, subscription specific key (Ki) for the authentication of the subscriber to the network as well as all the subscriber information now to be stored in the SIM. A typical SIM of those days supported the storage of about 20 abbreviated dialling numbers with 6-10 characters for each name and five short messages in addition to those data. The Random Access Memory (RAM) which is the ‘‘ working memory’’ was not even big enough to store all of a short message when this was transferred from the memory in the mobile equipment to the EEPROM in the SIM. The skills of the engineers when writing SIM software were constantly challenged and more than once it was a question of just a few bytes as to whether an extension of the functionality would fiton the chip or further optimisation of all the software would be required. Neither the huge success of GSM, nor the role of the SIM as the driving force for the smart card industry were foreseen in those days, rather the opposite opinion prevailed. The attitude of ‘‘ order a few million microprocessor chips and we may think about developing a product’’ may have been an extreme position around the turn of the 1990s but certainly an indication of the general feeling. So it is not surprising that chip manufacturers were reluctant to introduce new technologies and that it took until the mid-1990s for chips with just 8 kbytes of EEPROM to become available. Those chips offered storage for about 100 abbreviated dialling numbers and 20 short messages. The tremendous increase in the number of GSM subscribers at that time and GSM becoming by far the largest smart card consumer had a significant impact on the development of new smart card chips. Today’s chips offer over 100 kbytes of ROM, 64 kbytes of programmable memory, a few kbytes of RAM and often extra hardware for the execution of public key algorithms. This makes, in particular, the implementation of public key solutions for mobile commerce now a reality. Furthermore, the introduction of new types of memory such as flash memory will break up the ‘‘ historic’’ separation into ROM and EEPROM and lead to new ways in the handling of SIMs and its software management. 13.4.1.2 PIN Management and Other New Security Features March 1988 (SIMEG#2) saw the cipher key generation algorithm (A8) become part of the security functionality of the SIM. A8 generates the cipher key, Kc, which is then used by the cipher algorithm (A5) residing in the ME for the ciphering of the radio interface. It was now up to the operator, as the party responsible for the SIM, to choose the algorithm and thus the quality of the cipher key, Kc. Typically, A8 and the authentication algorithm A3 are combined into one algorithm denoted by A3/8. As 10 of the 64 bits of Kc were set to zero the ‘‘ effective key length’’ was 54 bits (though from a cryptographic point of view a key with GSM and UMTS: The Creation of Global Mobile Communication344 10 IMSI: International Mobile Subscriber Identity. This number uniquely identifies a network and the subscriber. several bits set to zero is not necessarily more ‘‘ effective’’ than a ‘‘ full length’’ 64 bit key). As the mobile and the base station system were not supposed to manipulate Kc but use it as received from the SIM and the Authentication Centre of the subscriber’s home network respectively, the ‘‘ effective key length’’ could be controlled by the operator. Some equipment manufacturers had, however, interpreted the specifications differently. The issue was finally clarified by SMG#30 in November 1999 where the original meaning was confirmed. User access to the SIM as a medium to provide GSM service is controlled by a Personal Identification Number (PIN). This number can be changed and freely chosen by the user within the range of 4-8 digits. The introduction of new features created a new security scenario as the user of the SIM might not be the subscriber. Typical examples at the time were lorry drivers using SIMs with fixed dialling numbers controlled by the fleet manager and SIMs supporting advice of charge with a spending limit set in the card by a parent. As the driver should not necessarily be able to edit the numbers or the child to reset the spending limit, a ‘‘ super-PIN’’ needed to be specified to protect the contents of the new data-fields against unauthorised changes. As neither of these two features was completed for phase 1, the super-PIN became a phase 2 item. Before its introduction in September 1991 at SIMEG#23, it was renamed PIN2 to emphasise the fact that it was not superior to the normal PIN, but of a similar nature, accessing data-fields compared with accessing an application. PIN Unblocking Keys (PUKs) had been introduced by SIMEG as another hitherto unknown feature. The PUK provides the user with a means to reactivate the corresponding PIN which had previously been blocked by wrong PIN entries. The actual process of keying in a PIN with the subsequent verification by the SIM is, however, not mandated by the specifications. These allow disabling of the check of the PIN altogether (though not of PIN2) subject to the discretion of the operator who has to find the right balance between security and ease of use for its specific clientele or group of subscribers. As this feature is programmed during the personalisation of the SIM, it can be set on a per SIM basis as specified by the operator. An interesting interaction between PIN check and security is the order in which the PIN check and the authentication of the SIM by the network are performed. Doing the PIN check first, as introduced by SIMEG#32 in May 1993, has two advantages. The prompt for the user to key in the PIN comes immediately after the mobile has been switched on, and not after the log-on to the network which may take some time in particular when roaming. It also mitigates the possibility of a cryptographic attack against the (SIM specific) secret subscriber authen- tication key of a stolen SIM as the correct PIN of the ‘‘ interrogated’’ SIM would have to be presented to the SIM prior to the delivery of the authentication challenges (unless the PIN check is disabled). Such attacks briefly surfaced in spring 1998. 11 13.4.2 Physical Form or Realisation of the SIM The functional splitting of the MS into ME and SIM was described in GSM-WP1 document 173/87. 12 Three different types of SIMs had been identified for specification: fixed, removable and contained in an IC card. Chapter 13: The Subscriber Identity Module: Past, Present and Future 345 11 SMG 475/98: Statement by SMG9 and SMG10 chairmen; see also Chapter 15: Security. 12 GSM-WP1 173/87: Functional Split of MS into ME and SIM. 13.4.2.1 The ID-1 Card The first mobile network to employ a smart card for the authentication of the subscriber to the network was the analogue network Netz-C of the Deutsche Bundespost (later Deutsche Telekom). This subscriber card had evolved from a ‘‘ magstripe device’’ just like a credit card, via a card having a memory chip containing the subscription details, to an IC card containing a microprocessor chip for authentication and other purposes. As such smart cards were already deployed in the field, it was not surprising that this solution was also adopted for GSM. Looking at it from today’s perspective, it is interesting to note how much time was devoted to certain aspects of the IC card or ID-1 SIM (ID-1 is the standardised name for cards having this format). It was generally assumed that most SIMs would have this format and that they might also be used as, say a payment card outside the mobile. For this reason ID-1 SIMs were allowed to be embossed like a credit card and even today the slot of an ME supporting an ID-1 SIM has to be designed to cater for an embossed SIM. No such SIM saw a subscriber. With the change of the business model, the SIM manufac- turers stopped the extensive and mostly unsuccessful testing. The new card material needed to satisfy the high temperature requirements of GSM imposed on the SIM, was not really suited for embossing. The tests resulted, in most cases, in pretty warped cards. A much discussed and thought to be typical scenario for the SIM was its use in a car phone. How much contact pressure needed to be exerted by the card reader in the phone to the SIM contact area so that communication between the card and the car phone would work under ‘‘ extreme driving conditions’’ ? It was also assumed that people might own a SIM and no phone, or just travel with a SIM. A subscriber enters a taxi, which has a GSM phone in the boot with an in-built plug-in SIM, and uses his or her own ID-1 SIM in the telephone receiver in the back of the taxi to make a call to be charged to this SIM. These thoughts and scenarios are behind the requirement that an ID-1 SIM takes precedence over the plug-in SIM as stated in GSM 02.17 until June 1998 when, in connection with the specification of a second card reader driven by the SIM application toolkit, the choice for the precedence was left to the user. Interestingly enough, similar ideas are now discussed by 3GPP for car pooling and access to multi-media devices from each seat in a car. 13 The reality was different. More and more ID-1 SIMs were delivered ‘‘ pre-punched’’ so that the user could break out the plug-in SIM. Though overall market figures are not available, it can be deduced from the numbers of a major operator that as early as 1995 the number of pre- punched SIMs exceeded the number of ID-1 SIMs, with this number approaching nearly 100% of the total SIM market in 1998. These were also the days of the manufacturers of punching machines and Plug-in adapters whose products transformed ID-1 SIMs into Plug-in SIMs and vice versa. These adapters were clearly outside the relevant GSM specifications with respect to thickness, bending and torsion. Nevertheless, they were widely used. SMG9 was even asked by the Terminal Work- ing Group (TWG) of the GSM MoU to specify an adapter. This was rejected by the SMG9 plenary meeting in March 1996 on grounds of violation of its core documents and potential liability issues. Also outside the GSM specifications was the use of a ‘‘ pre-punched’’ SIM as an ID-1 SIM in a mobile requiring the latter. Special punchings were, however, developed around 1996 to minimise the risk of damaging the card reader in the mobile when a pre- GSM and UMTS: The Creation of Global Mobile Communication346 13 TP-010066: UE functionality split over physical devices, TSG-T#11, Palm Springs, March 2001. punched SIM was inserted or removed. The potential damage consisted of the contacts of the card reader falling into the gap between the plug-in part and the remaining part of the ID-1 SIM thus getting torn, resulting in an unusable telephone. Operators had quite an interest in such solutions as this drastically reduced their logistic problems and cost – one instead of two types of SIM. 13.4.2.2 The Fixed Solution The ‘‘ fi xed’’ SIM was a major topic at SIMEG#2 in March 1988. 14 This solution meant that all functions of the SIM including the (secret) operator specific authentication algorithm and the secret subscription specific key used for the authentication of the subscriber, would be an integral, thus fixed, part of the mobile. Such mobiles would be operator and even subscriber specific. SIMEG agreed that this solution would have severe disadvantages with respect to flex- ibility and security. Apart from the question of whether secret keys could be stored securely in a mobile, considering all the issues around the storage of the IMEI, a fixed solution would require a loading mechanism for the authentication algorithm and the secret subscriber key as well as a mechanism to replace such an algorithm or the original key. These concerns were also expressed in a letter to SIMEG by MoU-BARG, the billing and accounting rapporteur group within the GSM MoU. 15 The letter further points out ‘‘ the commercial impact of the fixed SIM solution with respect to the possibility of free trade with mobile equipment. … Thus (commercial) barriers would be raised in relation to the trade of mobile equipment.’’ Other concerns were related to potential security issues when a mobile was repaired and to the handling of personal user data when the subscriber replaced the mobile. GSM-WP1 followed the conclusions of SIMEG and the concept of the fixed SIM was dropped altogether in early 1988. 13.4.2.3 The Plug-in SIM The form of the removable plug-in SIM was discussed quite controversially for nearly 9 months while agreement on the lower layers had already been reached at SIMEG#3: ‘‘ The electrical and logical interfaces for IC card SIMs and plug-in SIMs will be identical in principal, and according to ISO 7816’’ . The ISO/IEC 7816 16 series of standards forms the core reference for all smart card applications. The first proposals for the physical form of the plug-in SIM were discussed at the two following meetings where the UK and Germany presented their solutions. The first proposal by the UK, later modified to a more compact 28 pin J-lead package, was the use of existing electronic components in the form of a 24 pin DIL socket with only eight pins connected as ISO 7816 specified just eight contacts. In the German proposal already mentioned above, the plug- Chapter 13: The Subscriber Identity Module: Past, Present and Future 347 14 SIMEG 43/88: Report of the 2nd SIMEG meeting, Paris, 16-17 March 1988. 15 SIMEG 12/88: Letter from MoU-BARG meeting to SIMEG (prior to the foundation of the GSM association, the GSM operators were organised within the GSM MoU – the name derived from their memorandum of understanding). 16 ISO: International Organisation for Standardization; IEC: International Electrotechnical Commission. ISO/IEC 7816, Information technology – Identification cards – Integrated circuit(s) cards with contacts. Prior to the formation of the Joint Technical Committee 1 (JTC1), Information technology by ISO and IEC in 1988 these standards were published by ISO and still today people refer to them as ISO standards. in SIM was a ‘‘ cut-down IC card’’ obtained by simply cutting away the ‘‘ excessive’’ plastic of an ID-1 SIM and thus reducing the size to 25 £ 15 mm. This realisation would allow the use of existing technology for production and personalisation and the interface to the ME would be identical to the that of the ID-1 card. The discussions about the advantages and disadvantages of the two proposals centred sometimes around interesting aspects of removable, though potentially rarely removed components. Concerns were raised about the handling of the cut-out version which was, however, equally applicable to a DIL package. Would a little tool coming with the DIL package and similar to the one used by a dentist for testing a filling, satisfy the requirement in Recommendation GSM 02.17 that the SIM is a removable module which can (easily) be inserted and removed by the subscriber? Would the consistent pressure and connection cause gold wandering between the contacts of the cut-out version and the card reader? It was clarified that voltage and current would clearly not be high enough to cause any such problem. As GSM-WP1 wanted the final say in this issue, SIMEG was requested to elaborate a decision document outlining the advantages and disadvantages of the two proposals. Respec- tive documents were elaborated by both delegations but in the end not required. The matter was resolved by SIMEG itself at its eighth plenary meeting which took place in Issy-les- Moulineaux (Paris) in January 1989. As no delegation no longer supported the 24 pin DIL package or the modified proposal, unanimous agreement was reached in favour of the cut-out version. GSM-WP1 endorsed the proposal at its meeting in Madrid a month later in February. The statement about the SIM being a removable module was also clarified at that meeting for the Plug-in SIM by inserting the following text in GSM 02.17: ‘‘ It is intended to be semi- permanently installed in the ME’’ . The precise meaning of ‘‘ semi-permanently’’ was left to the manufacturers who have come up with a lot of good and compact solutions since then (Figure 13.1). GSM and UMTS: The Creation of Global Mobile Communication348 Figure 1.3.1 Early (hand-made) samples of Plug-in SIMs The final form of the Plug-in SIM realises the UK proposal that the Plug-in SIM shall be positioned in the mobile by means of a cut-off corner and not by a hole, as originally proposed. This simplified the manufacturing process and SIMEG#10 agreed on the final form as contained in document SIMEG 60/89 for incorporation into GSM 11.11. 17 13.4.2.4 Mini-SIM and Mini-DAM In September 1990, the Association of European PCN Operators 18 proposed a third size for the SIM card, a third of the size of the ID-1 SIM: ‘‘ Large enough to be frequently insertable and removable by handset end users. The ability to do this easily and reliably will maximise smart card use. … Small enough to not impact on handset design and shape/style.’’ 19 This mini-smart card appeared in the report of SIMEG#20 in January 1991 as a phase 2 work item only to be removed from the same by the GSM1 meeting in Bonn as reported at SIMEG#22 in May 1991. The idea resurfaced in September of that year with an explicit reference to the mini-card of the DCS 1800 operators as one of the requirements for the realisation of the DECT Authen- tication Module (DAM). 20 The concept of this module was similar to that of the SIM with the actual specification work commencing in October 1991 in an expert group chaired by me. The dimensions of the mini-DAM were different to the original proposal of the DCS 1800 operators. The size of the Paris metro ticket competed with a card of dimensions 66£33 mm being the top left part of an ID-1 DAM (or SIM). The latter was eventually chosen as it allowed to construct card readers which could accept both an ID-1 DAM and a mini-DAM. The fate of a third card size was finally sealed in early 1994. For reasons of compatibility with GSM, the mini-DAM was dropped from the specification in response to requests by the national standards bodies of France and the UK made in the public enquiry preceding the publication of the DAM as a European telecommunication standard. 21 The DAM group rejected the additional French request to delete the plug-in DAM. Among the reasons given for the deletion were ‘‘ the difficulty in handling the plug-in’’ , ‘‘ printing restrictions’’ and that ‘‘ the state-of-the-art in GSM handsets shows that it is no more a problem to integrate an ID-1 card in the handset as some mobile manufacturers provides now a full ID-1 card interface (as) part of the original design’’ . To follow the request would have been a de- alignment with GSM, also affecting the planned DECT-GSM interworking. 13.4.3 GSM 11.11 – The SIM-ME Interface Specification Would the functionality of the SIM laid down in GSM 02.17 not be sufficient for operators to write their own interface specifications based on the relevant international standards of ISO/IEC for smart cards? It certainly would, but, what about interoperability? International standards often contain numerous options due to the wide range of applications they have to Chapter 13: The Subscriber Identity Module: Past, Present and Future 349 17 SIMEG 45/89: Proposal for outline of semi-permanent SIM; SIMEG 60/89: Plug-in SIM (drawing). 18 Personal Communications Network, later DCS 1800 (Digital Cellular System 1800) and then GSM 1800. 19 GSM1 171/90: Mini smart card. 20 RES 3S 37/91: Requirements for DECT authentication module specification. DECT: Digital Enhanced (then European) Cordless Telecommunications. 21 ETSI Public Enquiry (PE 47) closing 31 December 1993. The DAM specification was published as the European Telecommunication Standard ‘‘ ETS 300 331, Radio Equipment and Systems (RES); Digital European Cordless Telecommunications (DECT); DECT Authentication Module (DAM)’’ only in November 1995. cater for, and to the conflicting interests of the parties involved in their creation. There is usually no specific application driving the standardisation process. It is thus not too difficult to specify smart card systems which are fully compliant with the same international standards but not compatible with each other. Rephrasing the question highlights the issue and one of the factors behind the success of GSM: † Shall every SIM work in every mobile independently of the issuing operator, the mobile manufacturer and the SIM manufacturer and thus enable a global market for mobiles; or † Shall there be operator specific mobiles, at least from a software point of view, and thus a fragmentation of the mobile market? The third SIMEG plenary in May 1988 agreed to seek advice from its parent committee on the creation of a new specification on SIM communication. At the following SIMEG meeting it was reported that GSM had created ‘‘ Recommendation GSM 11.11: SIM specifications’’ to ‘‘ define the internal logical organisation of SIMs and it specifies its interface with the outside world. As a consequence, this recommendation also specifies the part of the ME which communicates with the SIM.’’ For years to come the work of SIMEG was dominated by the completion and the enhancements of this document. The first milestone was the finalisa- tion of the phase1 version. Phase 1 documents were going to be frozen in early 1990 as the first networks were supposed to go on air in mid-1991. To achieve this milestone and to advance the document to a stable level, numerous specialised meetings were called for. 13.4.3.1 The Electrical Interface and the Environment One major issue was the communication protocol itself. Not surprisingly, the battles known from ISO/IEC were also fought out at SIMEG. The French delegation promoted ‘‘ their’’ byte or character-oriented transmission protocol T ¼ 0, the German delegation tried to introduce the block-oriented T ¼ 1 protocol. It was a lost cause. T ¼ 0 had been specified in the first edition of ISO/IEC 7816-3 ‘‘ Electronic Signals and Transmission Protocols’’ in 1989, the core document for all smart card work, while T ¼ 1 was published only in 1993 when the GSM system was already up and running. As a compromise SIMEG had agreed that ‘‘ The transmission protocols to be used between SIM and ME shall at least include the choice of the character per character protocol specified and denoted by T ¼ 0 in IS 7816-3’’ . 22 This left it open to manufacturers to include, in addition to T ¼ 0, the transmission protocol T ¼ 1. With such a wording, it is inevitable that no SIM or ME ever had the choice to communicate with their counterpart by means of T ¼ 1. Eleven years later, the support of both protocols became mandatory for all terminals being compliant with the new smart card platform specification. The choice is now left to the application on the card (such as a USIM) which may commu- nicate with the terminal using either protocol. SIMEG#9 also saw the first deviation of an electrical parameter from the core standard. In recognition of the special environment of mobile communication with a limited power supply, SIMEG restricted the maximum power consumption of a SIM to 10 mA, compared with 200 mA then allowed by ISO/IEC 7816-3. The requirement was a challenge to chip manufacturers, in particular when incorporating special, power consuming hardware to support public key cryptography. The challenges were solved. Also the other new parameters GSM and UMTS: The Creation of Global Mobile Communication350 22 SIMEG 83/89: Report of the 9th SIMEG meeting, The Hague, 29-30 March 1989. [...]... the management of Recommendations GSM 02.17 and GSM 11.11 However it seems that GSM and MoU network operators might need some expertise from SIMEG as it concerns the definition of acceptance tests for the SIM and the elaboration of SIM administrative management procedures It is clear that such expertise could be provided by reports to GSM, for guidance only, and not as mandatory implementation … Concerning... were the topics until GSM 11.11 was ‘‘frozen’’ for phase 1 (i.e no new technical features, only error fixing) by GSM# 26 in Sophia Antipolis in March 1990 13.5 Phase 2 By May 1990, SIMEG had compiled a first list of work to be done for GSM phase 2 Apart from the maintenance of the ‘‘frozen’’ GSM 02.17 and GSM 11.11 specifications, SIMEG intended to introduce 3 V technology and ‘‘discuss and specify SIM requirements... SIMEG#21 and several attempts were made and failed A major obstacle proved the language itself Improving just the language required 24 GSM 09.91: Interworking aspects of the SIM/ME interface between phase 1 and phase 2 354 GSM and UMTS: The Creation of Global Mobile Communication detailed technical background The editorial update was only one issue, the other issue was the harmonisation and alignment... Telecommunications integrated circuit(s) cards and terminals series of standards was developed by ETSI in collaboration with the European Standards Committee (CEN) This standard is usually referred to by the name of the ETSI committee having developed the series as the ‘‘TE9 standard’’ (Terminal Equipment, Sub Technical Committee 9) GSM 11.11 and EN 726 were developed in parallel and the relations between the two... decision about changing GSM 11.11 One of the very first changes to GSM 11.11 was the removal of all those sections purely related to the administrative management phase of the SIM Some operators considered the personalisation of SIMs their very own matter and outside the scope of the GSM committee 23 SIMEG 143/89: Report of the 11th SIMEG meeting, Lund, 18-19 July 1989 352 GSM and UMTS: The Creation of... Administrative commands for telecommunication applications 362 GSM and UMTS: The Creation of Global Mobile Communication 13.8.2 Reducing the Scope – The Transition to 3GPP The 1998 agreement of Standards Development Organisations of Europe, Japan, Korea and the USA 36 to jointly develop a mobile communication system for the next, the third generation (3G), created new committees and new working structures... work item was approved by SMG#29 in Miami in June 1999 as part of SMG9’s mandate on generic IC card standards for ETSI The original idea was to combine, in a new specification, the sections of GSM 11.11 describing the electrical and mechanical characteristics, with the two low voltage SIMME interface specifications GSM 11.12 (3 V) and GSM 11.18 (1.8 V) This way, all physical interface parameters were contained... subsequently into Release 4 of GSM 11.11 in early 2001 30 358 GSM and UMTS: The Creation of Global Mobile Communication apparent that it would be beneficial to merge the two work items ‘‘pro-active SIM’’ and ‘‘SIM data download’’ to a (single) SIM execution environment The SIM application toolkit was born 32 A year and a half later, the first version of GSM 11.14 Specification of the SIM-ME interface for the... 11.14 Specification of the SIM-ME interface for the SIM application toolkit was approved at the 50th plenary meeting of GSM/ SMG in Bonn in April 1996 GSM 11.14 defines a set of commands and procedures which are complementary to those specified in the basic SIM-ME interface standard (GSM 11.11) for ‘‘normal’’ operational use Applications designed in accordance with this specification do not need any special... outstanding IPR issue Java TM is, of course, not the only language on which a SIM application toolkit API could be based today Other candidates are MULTOS and Microsoft Standardising a second or even a third API was, at the time, considered to be counterproductive to the idea of having a standard one This opinion, which was very much supported by MoU SCAG, the smart card application group of the GSM . historic’’ separation into ROM and EEPROM and lead to new ways in the handling of SIMs and its software management. 13.4.1.2 PIN Management and Other New Security. foundation of the GSM association, the GSM operators were organised within the GSM MoU – the name derived from their memorandum of understanding). 16 ISO: